Mesh networks may become a target for a variety of malicious attacks. The first and possibly most important step in defending against a malicious attack is detecting that such an attack has been launched against the network. A “grey-hole attack,” in particular, is an attack by a malicious node where the malicious node (MN) discards either some or all of the packets that it was asked to forward by neighboring nodes rather than forwarding them to their intended destination (e.g., to a root node, head-end, application end-point, etc.). This issue is even more problematic when combined with attacks on control protocols. For example, the MN could manage to attack the routing protocol, advertise good paths, and attract additional traffic. The MN may determine which packets it should drop either by examining the content of the packets and discarding specific packets, or, in case the packets are end-to-end encrypted, the ML may randomly select packets and discard them.
The head-end could mitigate this attack by signing and potentially encrypting each one of the acknowledgment (ACK) messages it sends to the originating node. However, in Low power and Lossy Networks (LLNs) that employ low power processors, the overhead of encrypting and decrypting each message may be prohibitive. In particular, LLNs (e.g., sensor networks) have a myriad of applications, such as Smart Grid and Smart Cities, though various challenges are presented with LLNs, such as lossy links, low bandwidth, battery operation, low memory and/or processing capability, etc.